Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Python dependencies before 0.3.9-rc2
Normally, we're hesistant to issue an update for dependencies when we've already
entered the release candidate(s) stage of the release process. In this case, the
changes I'm adding are all minor bug fixes that I've reviewed. Two of the fixes
were labeled as security issues, however, they don't really affect us as
explained below.
* Werkzeug
* A bug that allowed XSS attacks on the debug page has been fixed (we
don't run Flask in debug mode in production) -
pallets/werkzeug#1001
* Invalid Content-Type makes for parsing throw ValueError exception (the fix
returns an invalid request 400 Bad Request page instead of an internal
server error when the content-type field of a HTTP request is bad--such as
' ' or ',') - pallets/werkzeug#995
* Raise BadRequestKeyError instead of IndexError in MultiDict when calling
__getitem__ on a key with an empty associated list of values (Flask returns
forms and query strings as MultiDicts. This is just better error-handling,
no real bug being fixed here.) -
pallets/werkzeug#979
* pytop
* The string comparison function now no longer leaks string length (shouldn't
affect SD because the length of our TOTP codes are already known) -
pyauth/pyotp#28- Loading branch information